Deploying Virtual Edge with ARM Template

This section describes how to deploy a virtual edge with an Azure Resource Manager (ARM) template.

VeloCloud SD-WAN only supports a 2-NIC ARM deployment (i.e. GE1/WAN & GE2/LAN) when deploying a virtual edge. Of these two templates, one supports regions with Availability Zones (AZs) and the other supports regions without Availability Zones (AZs).

For regions with support/no support, see the following link: https://azure.microsoft.com/en-us/explore/global-infrastructure/geographies/#geographies.
Note: Version 4.2.1 has been removed from the Marketplace in favor of supporting the following two base images, virtual edge 4.5.2 and virtual edge 5.0.1. If the version required is different, the VeloCloud Orchestrator upgrades or downgrades as necessary upon activation, based on the version selected for Enterprise or Edge.
During deployment, if the following message appears you can ignore this message as VeloCloud SD-WAN does not support Azure Agent on vEdge, and there is no impact on vEdge performance.
Figure 1. VMAGENT WARNING

In this basic topology example, the Azure Virtual Network (vNET 172.16.0.0/16) is divided into a Public subnet (172.16.0.x/24) and a Private subnet (172.16.1.x/24). The virtual edge routes between the two subnets. The Public User-Defined Routes (UDR) will forward all offnet traffic to the Internet Gateway. The UDR in the Private subnet will forward all traffic to the LAN facing interface on the virtual edge (type Virtual Appliance). In this example, a default route is used to forward “ALL” traffic from the workloads but is not necessary. RFC1918 summarization or specific branch/Hub prefixes can be used to narrow what is sent to the virtual edge. For example, if the workloads in the Private Subnet still need to be accessible via SSH from publicly sourced IPs, then the UDR could be configured to point the default route (0.0.0.0/0) to Internet Gateway and RFC1918 summarization to the virtual edge.

To deploy a virtual edge with an ARM template, perform the following steps:

  1. Login into the Orchestrator and add the virtual edge to the Enterprise.
    1. In the Orchestrator, go to Configure > Edges and click the New Edge button.
      Figure 2. Configure Edges
    2. The Provision New Edge dialog box displays.
      Figure 3. Provision an Edge
    3. In the Provision New Edge dialog, provide the required details and click Save:
      1. Enter a name in the Name text box.
      2. From the Model drop-down menu, choose Virtual Edge.
      3. From the Profile drop-down menu, choose a Profile.
        The Edge is provisioned with an activation key, as shown in the following image. Make a note of this activation key.
        Figure 4. Edge Provisioned with Activation Key
  2. Configure virtual edge interfaces.
    CAUTION: Make sure to configure the Device settings before activating the virtual edge. If you miss to configure device setting, the virtual edge activates, but then goes offline a few minutes later.
    1. Navigate to the virtual edge’s Device Settings tab.
      Figure 5. Device Settings for Virtual Edges
    2. Change the Interface Settings as follows:
      1. Change the GE1 interface capability from “Switched” to “Routed” (if needed) and activate DHCP addressing and WAN overlay.
      2. In the GE2 interface, deactivate WAN overlay as this interface will be used for the LAN-side Gateway. Also, deactivate Network Address Translation (NAT) Direct Traffic.
        Figure 6. Interface Settings for Virtual Edge
  3. Launch the virtual edge via one of the two ARM templates as follows:
    Note: If this is the first deployment of the virtual edge, it might be necessary to “Subscribe” to the Edge version in the Azure Marketplace before deploying from ARM Template.
    1. In the Microsoft Azure portal, navigate to Templates and click +Add.
      Figure 9. Add Templates
    2. Enter the name and description of the template or deployment.
      Figure 10. Add General Information
    3. Cut and paste the template in the ARM Template area.
      Figure 11. Add ARM Template
    4. Click Deploy.
      Figure 12. Deploy Template
    5. Complete the template form.
      Figure 13. Template Form
      Note: You can only SSH and login with a private key.
    6. Agree to the terms and conditions and click the Purchase button.
      Figure 14. Azure Marketplace Terms and Conditions

      Azure will begin the deployment which can take a few minutes to complete. To follow the progress, click Deployment in Progress… and refresh.

      Figure 15. Deployment In Progress State
      Figure 16. Deployment Underway State

      Once the virtual edge deployment is complete, the virtual edge will boot up and reach out to the Orchestrator with its activation key to complete virtual edge activation.

      Figure 17. Deployment Complete State
  4. Verify that the virtual edge is activated in the Orchestrator.
    Once the instance is running in Azure and all information provided is correct, the virtual edge will reach out to the Orchestrator with the activation key, activate, and perform software update if needed, and reboot if upgraded. Typical deployment time is between three to four minutes.
    Figure 18. Verify Virtual Edge Activation